From 8b88ab07f7cfc216407a88d75ad8f0546224c8d7 Mon Sep 17 00:00:00 2001
From: Roberto Ierusalimschy <roberto@inf.puc-rio.br>
Date: Fri, 20 Oct 2000 14:36:32 -0200
Subject: [PATCH] more controled use of `sprintf'

---
 lobject.c | 27 ++++++++++++++++++---------
 lua.c     |  8 ++++----
 lzio.h    |  5 ++++-
 3 files changed, 26 insertions(+), 14 deletions(-)

diff --git a/lobject.c b/lobject.c
index fd54eefd..f7bf2bd0 100644
--- a/lobject.c
+++ b/lobject.c
@@ -1,5 +1,5 @@
 /*
-** $Id: lobject.c,v 1.53 2000/10/09 13:47:32 roberto Exp roberto $
+** $Id: lobject.c,v 1.54 2000/10/10 19:53:20 roberto Exp roberto $
 ** Some generic functions over Lua objects
 ** See Copyright Notice in lua.h
 */
@@ -76,10 +76,13 @@ int luaO_str2d (const char *s, Number *result) {  /* LUA_NUMBER */
 }
 
 
+/* maximum length of a string format for `luaO_verror' */
+#define MAX_VERROR	280
+
 /* this function needs to handle only '%d' and '%.XXs' formats */
 void luaO_verror (lua_State *L, const char *fmt, ...) {
   va_list argp;
-  char buff[600];  /* to hold formatted message */
+  char buff[MAX_VERROR];  /* to hold formatted message */
   va_start(argp, fmt);
   vsprintf(buff, fmt, argp);
   va_end(argp);
@@ -88,8 +91,10 @@ void luaO_verror (lua_State *L, const char *fmt, ...) {
 
 
 void luaO_chunkid (char *out, const char *source, int bufflen) {
-  if (*source == '=')
-    sprintf(out, "%.*s", bufflen-1, source+1);  /* remove first char */
+  if (*source == '=') {
+    strncpy(out, source+1, bufflen);  /* remove first char */
+    out[bufflen-1] = '\0';  /* ensures null termination */
+  }
   else {
     if (*source == '@') {
       int l;
@@ -98,19 +103,23 @@ void luaO_chunkid (char *out, const char *source, int bufflen) {
       l = strlen(source);
       if (l>bufflen) {
         source += (l-bufflen);  /* get last part of file name */
-        sprintf(out, "file `...%s'", source);
+        sprintf(out, "file `...%.99s'", source);
       }
       else
-        sprintf(out, "file `%s'", source);
+        sprintf(out, "file `%.99s'", source);
     }
     else {
       int len = strcspn(source, "\n");  /* stop at first newline */
       bufflen -= sizeof("string \"%.*s...\"");
       if (len > bufflen) len = bufflen;
-      if (source[len] != '\0')  /* must truncate? */
-        sprintf(out, "string \"%.*s...\"", len, source);
+      if (source[len] != '\0') {  /* must truncate? */
+        strcpy(out, "string \"");
+        out += strlen(out);
+        strncpy(out, source, len);
+        strcpy(out+len, "...\"");
+      }
       else
-        sprintf(out, "string \"%s\"", source);
+        sprintf(out, "string \"%.99s\"", source);
     }
   }
 }
diff --git a/lua.c b/lua.c
index 1bd9a4bc..47d69ecc 100644
--- a/lua.c
+++ b/lua.c
@@ -1,5 +1,5 @@
 /*
-** $Id: lua.c,v 1.53 2000/10/09 15:46:43 roberto Exp roberto $
+** $Id: lua.c,v 1.54 2000/10/17 13:36:24 roberto Exp roberto $
 ** Lua stand-alone interpreter
 ** See Copyright Notice in lua.h
 */
@@ -115,7 +115,7 @@ static void print_message (void) {
 
 
 static void print_version (void) {
-  printf("%s  %s\n", LUA_VERSION, LUA_COPYRIGHT);
+  printf("%.80s  %.80s\n", LUA_VERSION, LUA_COPYRIGHT);
 }
 
 
@@ -255,7 +255,7 @@ static int handle_argv (char *argv[], struct Options *opt) {
               return EXIT_FAILURE;
             }
             if (ldo(lua_dostring, argv[i]) != 0) {
-              fprintf(stderr, "lua: error running argument `%s'\n", argv[i]);
+              fprintf(stderr, "lua: error running argument `%.99s'\n", argv[i]);
               return EXIT_FAILURE;
             }
             break;
@@ -289,7 +289,7 @@ static void getstacksize (int argc, char *argv[], struct Options *opt) {
   if (argc >= 2 && argv[1][0] == '-' && argv[1][1] == 's') {
     int stacksize = atoi(&argv[1][2]);
     if (stacksize <= 0) {
-      fprintf(stderr, "lua: invalid stack size ('%s')\n", &argv[1][2]);
+      fprintf(stderr, "lua: invalid stack size ('%.20s')\n", &argv[1][2]);
       exit(EXIT_FAILURE);
     }
     opt->stacksize = stacksize;
diff --git a/lzio.h b/lzio.h
index bcecd0d9..ea838ad0 100644
--- a/lzio.h
+++ b/lzio.h
@@ -1,5 +1,5 @@
 /*
-** $Id: lzio.h,v 1.5 1999/08/16 20:52:00 roberto Exp roberto $
+** $Id: lzio.h,v 1.6 2000/05/24 13:54:49 roberto Exp roberto $
 ** Buffered streams
 ** See Copyright Notice in lua.h
 */
@@ -33,9 +33,12 @@ size_t zread (ZIO* z, void* b, size_t n);	/* read next n bytes */
 #define zname(z)	((z)->name)
 
 
+
 /* --------- Private Part ------------------ */
 
+#ifndef ZBSIZE
 #define ZBSIZE	256			/* buffer size */
+#endif
 
 struct zio {
   size_t n;				/* bytes still unread */